creds_test.go 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. // Copyright 2012 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. // +build linux
  5. package unix_test
  6. import (
  7. "bytes"
  8. "go/build"
  9. "net"
  10. "os"
  11. "testing"
  12. "golang.org/x/sys/unix"
  13. )
  14. // TestSCMCredentials tests the sending and receiving of credentials
  15. // (PID, UID, GID) in an ancillary message between two UNIX
  16. // sockets. The SO_PASSCRED socket option is enabled on the sending
  17. // socket for this to work.
  18. func TestSCMCredentials(t *testing.T) {
  19. socketTypeTests := []struct {
  20. socketType int
  21. dataLen int
  22. }{
  23. {
  24. unix.SOCK_STREAM,
  25. 1,
  26. }, {
  27. unix.SOCK_DGRAM,
  28. 0,
  29. },
  30. }
  31. for _, tt := range socketTypeTests {
  32. if tt.socketType == unix.SOCK_DGRAM && !atLeast1p10() {
  33. t.Log("skipping DGRAM test on pre-1.10")
  34. continue
  35. }
  36. fds, err := unix.Socketpair(unix.AF_LOCAL, tt.socketType, 0)
  37. if err != nil {
  38. t.Fatalf("Socketpair: %v", err)
  39. }
  40. defer unix.Close(fds[0])
  41. defer unix.Close(fds[1])
  42. err = unix.SetsockoptInt(fds[0], unix.SOL_SOCKET, unix.SO_PASSCRED, 1)
  43. if err != nil {
  44. t.Fatalf("SetsockoptInt: %v", err)
  45. }
  46. srvFile := os.NewFile(uintptr(fds[0]), "server")
  47. defer srvFile.Close()
  48. srv, err := net.FileConn(srvFile)
  49. if err != nil {
  50. t.Errorf("FileConn: %v", err)
  51. return
  52. }
  53. defer srv.Close()
  54. cliFile := os.NewFile(uintptr(fds[1]), "client")
  55. defer cliFile.Close()
  56. cli, err := net.FileConn(cliFile)
  57. if err != nil {
  58. t.Errorf("FileConn: %v", err)
  59. return
  60. }
  61. defer cli.Close()
  62. var ucred unix.Ucred
  63. ucred.Pid = int32(os.Getpid())
  64. ucred.Uid = uint32(os.Getuid())
  65. ucred.Gid = uint32(os.Getgid())
  66. oob := unix.UnixCredentials(&ucred)
  67. // On SOCK_STREAM, this is internally going to send a dummy byte
  68. n, oobn, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
  69. if err != nil {
  70. t.Fatalf("WriteMsgUnix: %v", err)
  71. }
  72. if n != 0 {
  73. t.Fatalf("WriteMsgUnix n = %d, want 0", n)
  74. }
  75. if oobn != len(oob) {
  76. t.Fatalf("WriteMsgUnix oobn = %d, want %d", oobn, len(oob))
  77. }
  78. oob2 := make([]byte, 10*len(oob))
  79. n, oobn2, flags, _, err := srv.(*net.UnixConn).ReadMsgUnix(nil, oob2)
  80. if err != nil {
  81. t.Fatalf("ReadMsgUnix: %v", err)
  82. }
  83. if flags != 0 {
  84. t.Fatalf("ReadMsgUnix flags = 0x%x, want 0", flags)
  85. }
  86. if n != tt.dataLen {
  87. t.Fatalf("ReadMsgUnix n = %d, want %d", n, tt.dataLen)
  88. }
  89. if oobn2 != oobn {
  90. // without SO_PASSCRED set on the socket, ReadMsgUnix will
  91. // return zero oob bytes
  92. t.Fatalf("ReadMsgUnix oobn = %d, want %d", oobn2, oobn)
  93. }
  94. oob2 = oob2[:oobn2]
  95. if !bytes.Equal(oob, oob2) {
  96. t.Fatal("ReadMsgUnix oob bytes don't match")
  97. }
  98. scm, err := unix.ParseSocketControlMessage(oob2)
  99. if err != nil {
  100. t.Fatalf("ParseSocketControlMessage: %v", err)
  101. }
  102. newUcred, err := unix.ParseUnixCredentials(&scm[0])
  103. if err != nil {
  104. t.Fatalf("ParseUnixCredentials: %v", err)
  105. }
  106. if *newUcred != ucred {
  107. t.Fatalf("ParseUnixCredentials = %+v, want %+v", newUcred, ucred)
  108. }
  109. }
  110. }
  111. // atLeast1p10 reports whether we are running on Go 1.10 or later.
  112. func atLeast1p10() bool {
  113. for _, ver := range build.Default.ReleaseTags {
  114. if ver == "go1.10" {
  115. return true
  116. }
  117. }
  118. return false
  119. }